From ITaP's Messaging team regarding recent spam and phishing attacks:

Subject: [aitlf] Higher than normal spam volume over the past week

All,

We have been seeing a very large increase in the number connections to the external mail routers for smtp.purdue.edu over the last week. At first we were only getting scattered reports of increased spam due to the increased connections, but that changed this weekend.

I wanted to let you know that the Messaging staff is now seeing a large increase in spam and currently a lot of it is getting through the scanners. Could you please let your areas know that a larger than normal amount of spam is being seen by many accounts and the spam scanners are slowing catching up to it with new DATs to block it?

The issue last week was reported by many other higher education mail administrators as a spammer using a very large botnet to send 5 times the normal amount of spam. We saw a 300-500% increase in connections on our external mail routers from Monday to Wednesday. After a day or so, the reputation checks ramped up and caught most of the spam and a day later the spammer quit for unknown reasons. The logs for this weekend and today show the same pattern of increased connections.

Please ask your people to forward spam samples to the "is-spam" e-mail address, is-spam@purdue.edu. We are forwarding these samples to Sophos, so we will get additional help automatically since our DATs are downloaded on a regular basis.

Thanks,
Mick

Mick R. Haberzetle
Manager of Messaging and Application Services